Merge pull request #8920 from shirady/iam-add-empty-list

NC | IAM | Return Empty List On Unimplemented Operations (`list-group-for-user`)

Author: shirady

docs/design/iam.md

@@ -126,6 +126,9 @@ Here attached a diagram with all the accounts that we have in our system:
 - IAM DeleteAccessKey: AccessKeyId, UserName
 - IAM ListAccessKeys: UserName (not supported: Marker, MaxItems)
 
+### Other
+- IAM ListGroupsForUser - would always return empty list (to check that the user exists it runs GetUser).
+
 ### Configuration Directory Components With users
 If account creates a user its config file will be created under identities/<user-id>.identity.json and under the account will be created `users/` directory and inside it it will link to the config.
 Example:

src/endpoint/iam/iam_rest.js

@@ -34,6 +34,7 @@ const ACTIONS = Object.freeze({
     'UpdateAccessKey': 'update_access_key',
     'DeleteAccessKey': 'delete_access_key',
     'ListAccessKeys': 'list_access_keys',
+    'ListGroupsForUser': 'list_groups_for_user',
 });
 
 // notice: shows all methods as method post
@@ -50,6 +51,8 @@ const IAM_OPS = js_utils.deep_freeze({
     post_update_access_key: require('./ops/iam_update_access_key'),
     post_delete_access_key: require('./ops/iam_delete_access_key'),
     post_list_access_keys: require('./ops/iam_list_access_keys'),
+    // other (currently ops that return empty just not to fail them)
+    post_list_groups_for_user: require('./ops/iam_list_groups_for_user.js'),
 });
 
 async function iam_rest(req, res) {

src/endpoint/iam/ops/iam_list_groups_for_user.js

@@ -0,0 +1,45 @@
+/* Copyright (C) 2024 NooBaa */
+'use strict';
+
+const dbg = require('../../../util/debug_module')(__filename);
+const { CONTENT_TYPE_APP_FORM_URLENCODED } = require('../../../util/http_utils');
+const iam_utils = require('../iam_utils');
+const iam_constants = require('../iam_constants');
+
+/**
+ * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupsForUser.html
+ */
+async function list_groups_for_user(req, res) {
+
+    const params = {
+        username: req.body.user_name,
+    };
+
+    dbg.log1('To check that we have the user we will run the IAM GET USER', params);
+    iam_utils.validate_params(iam_constants.IAM_ACTIONS.GET_USER, params);
+    await req.account_sdk.get_user(params);
+
+    dbg.log1('IAM LIST GROUPS FOR USER (returns empty list on every request)', params);
+
+    return {
+        ListGroupsForUserResponse: {
+            ListGroupsForUserResult: {
+                Groups: [],
+                IsTruncated: false,
+            },
+            ResponseMetadata: {
+                RequestId: req.request_id,
+            }
+        },
+    };
+}
+
+module.exports = {
+    handler: list_groups_for_user,
+    body: {
+        type: CONTENT_TYPE_APP_FORM_URLENCODED,
+    },
+    reply: {
+        type: 'xml',
+    },
+};

src/test/unit_tests/test_nc_iam_basic_integration.js

@@ -11,8 +11,11 @@ const { TMP_PATH, generate_nsfs_account, get_new_buckets_path_by_test_env, gener
          get_coretest_path } = require('../system_tests/test_utils');
 const { ListUsersCommand, CreateUserCommand, GetUserCommand, UpdateUserCommand, DeleteUserCommand,
         ListAccessKeysCommand, CreateAccessKeyCommand, GetAccessKeyLastUsedCommand,
-        UpdateAccessKeyCommand, DeleteAccessKeyCommand } = require('@aws-sdk/client-iam');
+        UpdateAccessKeyCommand, DeleteAccessKeyCommand,
+        ListGroupsForUserCommand } = require('@aws-sdk/client-iam');
 const { ACCESS_KEY_STATUS_ENUM } = require('../../endpoint/iam/iam_constants');
+const IamError = require('../../endpoint/iam/iam_errors').IamError;
+
 
 const coretest_path = get_coretest_path();
 const coretest = require(coretest_path);
@@ -229,6 +232,54 @@ mocha.describe('IAM basic integration tests - happy path', async function() {
             _check_status_code_ok(response);
         });
     });
+
+    mocha.describe('IAM other APIs (currently returns empty value)', async function() {
+        const username3 = 'Emi';
+
+        mocha.before(async () => {
+            // create a user
+            const input = {
+                UserName: username3
+            };
+            const command = new CreateUserCommand(input);
+            const response = await iam_account.send(command);
+            _check_status_code_ok(response);
+        });
+
+        mocha.after(async () => {
+            // delete a user
+            const input = {
+                UserName: username3
+            };
+            const command = new DeleteUserCommand(input);
+            const response = await iam_account.send(command);
+            _check_status_code_ok(response);
+        });
+
+        mocha.it('list groups for non existing user - should throw an error', async function() {
+            try {
+                const input = {
+                    UserName: 'non-existing-user'
+                };
+                const command = new ListGroupsForUserCommand(input);
+                await iam_account.send(command);
+                assert.fail('list groups for non existing user - should throw an error');
+            } catch (err) {
+                const err_code = err.Error.Code;
+                assert.equal(err_code, IamError.NoSuchEntity.code);
+            }
+        });
+
+        mocha.it('list groups for user - should be empty', async function() {
+            const input = {
+                UserName: username3
+            };
+            const command = new ListGroupsForUserCommand(input);
+            const response = await iam_account.send(command);
+            _check_status_code_ok(response);
+            assert.equal(response.Groups.length, 0);
+        });
+    });
 });
 
 /**